WHAT IS CLAIMED IS: 

1. A method for routing data packets within a telecommunications system, the 
method comprising: 

receiving a data packet at a CMTS; 

determining whether the data packet satisfies a selected condition and, if so, 
encrypting the data packet; and 

transmitting the data packet from the CMTS to the intended recipient(s). 

2. The method of Claim 1, wherein the CMTS operates in accordance with 
DOCSIS. 

3. The method of Claim 1, wherein determining whether the data packet satisfies 
a selected condition comprises determining whether the data packet is intended for broadcast 
to a plurality of VLAN members, 

4. The method of Claim 1 , wherein determining whether the data packet satisfies 
a selected condition comprises determining whether the data packet is intended for delivery 
to a VLAN member with an unknown destination address. 

5. The method of Claim 1, wherein the data packet is encrypted such that access 
to the data packet is restricted to members of a VLAN. 

6. The method of Claim 5, wherein an encryption key associated with the VLAN 
is used to encrypt the data packet. 

7. A method for registering a cable modem with a CMTS, the method 
comprising: 

receiving a request to register the cable modem; 
assigning a service identifier to the cable modem; and 

determining whether the cable modem should be associated with a VLAN and, 
if so, assigning a SAID associated with the VLAN to the cable modem. 

8. The method of Claim?, wherein the CMTS operates in accordance with 
DOCSIS. 

9. The method of Claim 7, wherein each VLAN is associated with a unique 

SAID. 
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10. The method of Claim 7, wherein determining whether the cable modem 
should be associated with a VLAN comprises receiving an input from a user indicating 
whether the cable modem is part of a VLAN. 

11. The method of Claim 10, further comprising receiving authentication 
information from the user. 

12. The method of Claim 7, wherein if the cable modem should be associated with 
a VLAN, an encryption key associated with the VLAN is transmitted to the cable modem. 

13. The method of Claim 7, wherein if the cable modem should be associated with 
an existing VLAN, an existing SAID corresponding to the VLAN is assigned to the cable 
modem. 

14. The method of Claim 7, wherein if the cable modem should be associated with 
a new VLAN, a new SAID corresponding to the new VLAN is created and assigned to the 
cable modem. 

15. A CMTS comprising: 

a network port configured to be coupled to a telecommunications network; 

a cable port configured to be coupled to one or more cable modems through 
which CPE devices can gain access to the telecommunications network; 

a packet forwarding module in communication with the network port and the 
cable port; and 

a VLAN bridging module in communication with the packet forwardinjg 
module, wherein the VLAN bridging module is configured to determine whether a 
received data packet satisfies a selected condition and, if so, encrypt the data packet 
before it is delivered to the intended recipient(s). 

16. The CMTS of Claim 15, wherein the CMTS operates in accordance with 
DOCSIS. 

17. The CMTS of Claim 15, wherein the selected condition comprises 
determining whether the data packet is intended for broadcast to a plurality of VLAN 
members. 

18. The CMTS of Claim 15, wherein the selected condition comprises 
determining whether the data packet is intended for delivery to a VLAN member with an 
unknown destination address. 
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19. The CMTS of Claim 15, wherein the VLAN bridging module is configured to 
encrypt the data packet such that access to the data packet is restricted to members of a 
VLAN. 

20. The CMTS of Claim 19, wherein an encryption key associated with the 
VLAN is used to encrypt the data packet. 

21. A CMTS comprising: 

a network port configured to be coupled to a telecommunications network; 

a cable port configured to be coupled to one or more cable modems through 
which CPE devices can gain access to the telecommunications network; 

a cable modem registration module in communication with the network port 
and the cable port, wherein the cable modem registration module is configured to 
assign a primary service identifier to the cable modems when they are registered with 
the CMTS, and 

a VLAN bridging module in communication with the cable modem 
registration module, wherein the VLAN. bridging module is configured to determine 
whether a cable modem should be included in a VLAN and, if so, assign a secondary 
service security association identifier to the cable modem. 

22. The CMTS of Claim 21, wherein the CMTS operates in accordance with 
DOCSIS. 

23. The CMTS of Claim 21, wherein each VLAN is associated with a unique 
secondary service security association identifier. 

24. The CMTS of Claim 21, wherein the VLAN bridging module is configured to 
determine whether a cable modem should be associated with a VLAN by receiving an input 
from a user indicating whether the cable modem is part of a VLAN. 

25. The CMTS of Claim 25^ wherein the VLAN bridging module is configured to 
receive authentication information from the user. 

26. The CMTS of Claim 21, wherein if a cable modem should be associated with 
a VLAN, the VLAN bridging module transmits an encryption key associated with the VLAN 
to the cable modem. 
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27. The CMTS of Claim 21, wherein if the cable modem should be associated 
with an existing VLAN, the VLAN bridging module assigns an existing secondary service 
security association identifier corresponding to the VLAN to the cable modem. 

28. The CMTS of Claim 21, wherein if the cable modem should be associated 
with a new VLAN, the VLAN bridging module creates a new secondary service security 
association identifier corresponding to the new VLAN and assigns it to the cable modem. 

29. A machine readable medium comprising machine readable instructions for 
causing a computer to perform a method comprising: 

receiving a data packet at a CMTS; 

determining whether the data packet satisfies a selected condition and, if so, 
encrypting the data packet; and 

transmitting the data packet from the CMTS to the intended recipient(s). 

30. The machine readable medium of Claim 29, wherein the CMTS operates in 
accordance with DOCSIS. 

3L The machine readable medium of Claim 29, wherein determining whether the 
data packet satisfies a selected condition comprises determining whether the data packet is 
intended for broadcast to a plurality of VLAN members. 

32. The machine readable medium of Claim 29, wherein determining whether the 
data packet satisfies a selected condition comprises determining whether the data packet is 
intended for delivery to a VLAN member with an unknown destination address. 

33. The machine readable medium of Claim 29, wherein the data packet is 
encrypted such that access to the data packet is restricted to members of a VLAN. 

34. The machine readable medium of Claim 33, wherein a SAID associated with 
the VLAN is used to encrypt the data packet. 
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